🔐 Cybersecurity Glossary
Over 265 professional cybersecurity terms in English & Arabic — your comprehensive reference for the cybersecurity world
265 terms
16 categories
47 frameworks
All
🏛 Governance & Strategy 35
⚖ Risk Management 17
🔑 Identity & Access 14
🌐 Network Security 16
🔒 Data Protection 11
⚡ Threat & Attack 22
🚨 Incident Response 13
☑ Compliance & Audit 12
🔐 Cryptography 11
☁ Cloud Security 9
💻 Application Security 11
§ Privacy & Data Law 12
🛡 Security Operations 17
♻ Business Continuity 9
🇸🇦 Saudi Regulations 14
🛡️ Platform Tools 1
NCA_ECC (122)
SAMA_CSF (76)
PCI_DSS (47)
ISO_27001 (39)
PDPL (34)
NIST_CSF (29)
Array (25)
NCA ECC (20)
SAMA CSF (20)
NCA_CSCC (14)
✕ Clear
48 terms
🔑 Access Control List
ACL
قائمة التحكم بالوصول
A list of permissions attached to a system resource that specifies which users or system processes are granted access.
🔐 Advanced Encryption Standard
AES
معيار التشفير المتقدم
A symmetric block cipher chosen by the US government to protect classified information, using key sizes of 128, 192, or 256 bits.
💻 API Security
أمن واجهات البرمجة
The practice of protecting Application Programming Interfaces from attacks and misuse.
🛡️ ARIA
ARIA
آريا
AI Regulatory Intelligence Advisor — CISO Consulting's enterprise Virtual CISO (vCISO) module. ARIA provides AI-powered cybersecurity advisory services including policy generation, risk assessment, compliance gap analysis, board reports, and document generation in Word, Excel, PowerPoint, and PDF formats. Specialized in Saudi regulatory frameworks: SAMA CSF, NCA ECC, PDPL, and international standards including ISO 27001, NIST CSF, and PCI DSS.
☑ Audit Trail
مسار التدقيق
A chronological record of system activities that provides documentary evidence of the sequence of activities that have affected operations, procedures, or events.
⚡ Brute Force Attack
هجوم القوة الغاشمة
An attack method that uses trial and error to guess passwords, login credentials, or encryption keys.
⚖ Common Vulnerabilities and Exposures
CVE
الثغرات والتعرضات الشائعة
A publicly disclosed list of cybersecurity vulnerabilities, each assigned a unique identifier for tracking and reference.
⚖ Common Vulnerability Scoring System
CVSS
نظام تسجيل الثغرات المشترك
An open framework for communicating the characteristics and severity of software vulnerabilities using a numerical score from 0 to 10.
☑ Compensating Control
الضابط التعويضي
An alternative security measure employed when the primary control cannot be implemented.
⚡ Credential Stuffing
حشو بيانات الاعتماد
An automated attack that uses stolen username/password pairs from data breaches to attempt logins on other services.
⚡ Cross-Site Scripting
XSS
البرمجة عبر المواقع
A web security vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users.
🔒 Data at Rest
البيانات المخزنة
Data that is stored in databases, file systems, or other storage systems and is not actively being transmitted or processed.
§ Data Breach
انتهاك البيانات
A security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorized party.
🔒 Data in Transit
البيانات أثناء النقل
Data that is actively moving from one location to another, such as across the internet or through a private network.
🔒 Data Loss Prevention
DLP
منع فقدان البيانات
A set of tools and processes to ensure sensitive data is not lost, misused, or accessed by unauthorized users.
🔒 Data Masking
إخفاء البيانات
The process of hiding specific data within a database to ensure that sensitive data is not exposed to unauthorized personnel.
🌐 Demilitarized Zone
DMZ
المنطقة منزوعة السلاح
A perimeter network segment that sits between the internal network and the external network to provide an additional layer of security.
💻 Dynamic Application Security Testing
DAST
اختبار أمان التطبيقات الديناميكي
A security testing method that tests an application in its running state to find vulnerabilities from an external perspective.
🌐 Firewall
FW
الجدار الناري
A network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
🔐 Hardware Security Module
HSM
وحدة أمن الأجهزة
A dedicated hardware device for managing and safeguarding digital keys and performing cryptographic operations.
🔐 Hash Function
دالة التجزئة
A mathematical function that converts an input of arbitrary length into a fixed-size output, commonly used for data integrity verification.
🚨 Incident Response Plan
IRP
خطة الاستجابة للحوادث
A documented plan that outlines the procedures and responsibilities for detecting, responding to, and recovering from cybersecurity incidents.
🌐 Intrusion Detection System
IDS
نظام كشف التسلل
A system that monitors network or system activities for malicious activities or policy violations and produces alerts.
🔐 Key Management
إدارة المفاتيح
The administration of cryptographic keys in a cryptosystem, including generation, exchange, storage, use, and replacement of keys.
🔑 Least Privilege
أقل الصلاحيات
The principle that users should be given the minimum levels of access needed to perform their job functions.
🛡 Log Correlation
ارتباط السجلات
The process of analyzing logs from multiple sources to identify patterns, anomalies, and potential security incidents.
⚡ Malware
البرمجيات الخبيثة
Software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
🔑 Multi-Factor Authentication
MFA
المصادقة متعددة العوامل
An authentication method requiring two or more verification factors: something you know, something you have, or something you are.
🌐 Network Segmentation
تجزئة الشبكة
The practice of splitting a network into sub-networks to improve security and performance.
💻 OWASP Top 10
أوواسب أعلى 10
A standard awareness document listing the ten most critical web application security risks, updated periodically.
🛡 Patch Management
إدارة التحديثات الأمنية
The process of distributing and applying updates to software to fix vulnerabilities and improve security.
💻 Penetration Testing
Pentest
اختبار الاختراق
An authorized simulated cyberattack on a computer system to evaluate its security and identify vulnerabilities.
🔑 Privileged Access Management
PAM
إدارة الوصول المميز
A set of cybersecurity strategies and technologies for exerting control over elevated access and permissions for users, accounts, and systems.
🔐 RSA
RSA
خوارزمية RSA
An asymmetric cryptographic algorithm widely used for secure data transmission using a public and private key pair.
💻 Runtime Application Self-Protection
RASP
الحماية الذاتية لتطبيقات وقت التشغيل
A security technology that is built into an application to detect and prevent real-time attacks.
☑ Scope
النطاق
The boundaries of a compliance assessment defining which systems, processes, and locations are included in the evaluation.
💻 Secure Software Development Lifecycle
SSDLC
دورة حياة تطوير البرمجيات الآمنة
An approach to software development that integrates security activities at every phase of the development lifecycle.
🛡 Security Information and Event Management
SIEM
إدارة معلومات وأحداث الأمن
A solution that provides real-time analysis of security alerts generated by applications and network hardware through centralized log collection and correlation.
💻 Software Composition Analysis
SCA
تحليل تركيب البرمجيات
A process of identifying open-source software components and their known vulnerabilities in application codebases.
⚡ SQL Injection
SQLi
حقن SQL
A code injection technique used to attack data-driven applications by inserting malicious SQL statements into entry fields.
🌐 SSL/TLS Certificate
SSL
شهادة SSL/TLS
A digital certificate that authenticates a website identity and enables encrypted connections between a web server and browser.
💻 Static Application Security Testing
SAST
اختبار أمان التطبيقات الثابت
A security testing method that analyzes source code, bytecode, or binary code for vulnerabilities without executing the program.
🔒 Tokenization
الترميز
The process of replacing sensitive data with unique identification symbols that retain all essential information without compromising security.
🔐 Transport Layer Security
TLS
أمن طبقة النقل
A cryptographic protocol designed to provide communications security over a computer network, used to secure web traffic.
🌐 Virtual Private Network
VPN
الشبكة الافتراضية الخاصة
A technology that creates an encrypted connection over a less secure network, providing secure remote access to organizational resources.
⚖ Vulnerability
Vuln
الثغرة الأمنية
A weakness in a system, application, or process that could be exploited by a threat to gain unauthorized access or cause harm.
🛡 Vulnerability Assessment
VA
تقييم الثغرات
A systematic review of security weaknesses in an information system to identify, quantify, and prioritize vulnerabilities.
🌐 Web Application Firewall
WAF
جدار حماية تطبيقات الويب
A security solution that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application.